#!/bin/bash

# OTA JWT 认证测试脚本

# 配置参数
PRODUCT_ID="1234"
SN="1234567890"
SECRET_KEY="_sF~#_Nx3'6Mrp)"  # 产品签名密钥
CURRENT_VERSION="1.0.0"
SERVER_URL="http://localhost:8081/test"  # 服务器地址

# JWT Header (HS512算法)
HEADER='{"alg":"HS512","typ":"JWT"}'

# 生成随机数用于JWT
RAN=$(openssl rand -hex 16)

# JWT Payload
PAYLOAD="{\"pid\":\"$PRODUCT_ID\",\"sn\":\"$SN\",\"v\":\"$CURRENT_VERSION\",\"iat\":$(date +%s),\"exp\":$(($(date +%s) + 300)),\"jti\":\"$RAN\"}"

echo "测试参数:"
echo "产品ID: $PRODUCT_ID"
echo "设备SN: $SN" 
echo "当前版本: $CURRENT_VERSION"
echo "服务器地址: $SERVER_URL"
echo "签名密钥: $SECRET_KEY"
echo ""

# Base64Url编码函数
base64url() {
    openssl base64 | tr -d '=' | tr '+/' '-_' | tr -d '\n'
}

# 生成JWT
generate_jwt() {
    ENCODED_HEADER=$(echo "$HEADER" | base64url)
    ENCODED_PAYLOAD=$(echo "$PAYLOAD" | base64url)
    SIGNATURE=$(echo "${ENCODED_HEADER}.${ENCODED_PAYLOAD}" | openssl dgst -sha512 -hmac "$SECRET_KEY" -binary | base64url)
    JWT="${ENCODED_HEADER}.${ENCODED_PAYLOAD}.${SIGNATURE}"
    echo $JWT
}

echo "生成JWT payload:"
echo "$PAYLOAD"
echo ""

JWT_TOKEN=$(generate_jwt)
echo "生成的JWT Token:"
echo "$JWT_TOKEN"
echo ""

# 测试1: 检查更新接口
echo "=========================="
echo "测试1: 检查更新接口"
echo "=========================="

CHECK_DATA="{\"product_id\":\"$PRODUCT_ID\",\"current_version\":\"$CURRENT_VERSION\",\"sn\":\"$SN\"}"

echo "请求数据: $CHECK_DATA"
echo ""

curl -X POST "$SERVER_URL/ota/check" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $JWT_TOKEN" \
  -d "$CHECK_DATA" \
  -w "\n状态码: %{http_code}\n" \
  -s

echo ""

# 测试2: 下载接口（如果有固件文件的话）
echo "=========================="
echo "测试2: 下载固件接口"
echo "=========================="

echo "尝试下载固件文件..."
curl -X GET "$SERVER_URL/ota/download/$PRODUCT_ID/test_firmware.bin" \
  -H "Authorization: Bearer $JWT_TOKEN" \
  -w "\n状态码: %{http_code}\n" \
  -s \
  -o /dev/null

echo ""

# 测试3: 报告升级状态接口
echo "=========================="
echo "测试3: 报告升级状态接口"
echo "=========================="

REPORT_DATA="{\"sn\":\"$SN\",\"product_id\":\"$PRODUCT_ID\",\"version\":\"1.1.0\",\"status\":\"success\",\"message\":\"升级成功\"}"

echo "请求数据: $REPORT_DATA"
echo ""

curl -X POST "$SERVER_URL/ota/report" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $JWT_TOKEN" \
  -d "$REPORT_DATA" \
  -w "\n状态码: %{http_code}\n" \
  -s

echo ""

# 测试4: 错误的JWT（错误的签名密钥）
echo "=========================="
echo "测试4: 错误的JWT签名"
echo "=========================="

WRONG_SECRET="wrong_key"
WRONG_SIGNATURE=$(echo "${ENCODED_HEADER}.${ENCODED_PAYLOAD}" | openssl dgst -sha512 -hmac "$WRONG_SECRET" -binary | base64url)
WRONG_JWT="${ENCODED_HEADER}.${ENCODED_PAYLOAD}.${WRONG_SIGNATURE}"

echo "使用错误的JWT token测试："
curl -X POST "$SERVER_URL/ota/check" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $WRONG_JWT" \
  -d "$CHECK_DATA" \
  -w "\n状态码: %{http_code}\n" \
  -s

echo ""

# 测试5: 参数不匹配（JWT中的ProductID与请求参数不同）
echo "=========================="
echo "测试5: 参数不匹配测试"
echo "=========================="

WRONG_DATA="{\"product_id\":\"wrong_product\",\"current_version\":\"$CURRENT_VERSION\",\"sn\":\"$SN\"}"

echo "使用不匹配的产品ID测试："
echo "请求数据: $WRONG_DATA"
curl -X POST "$SERVER_URL/ota/check" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $JWT_TOKEN" \
  -d "$WRONG_DATA" \
  -w "\n状态码: %{http_code}\n" \
  -s

echo ""
echo "测试完成！" 